On the 28th of June, 2023, the European Commission released a proposal for updating the EU’s Second Payment Services Directive (PSD2). This highly anticipated package introduces a number of significant changes to payments legislation that will impact banks, payment service providers (PSPs), other third-party providers and, of course, the merchants and marketplaces they serve.
The introduction of PSD2 in 2016 enabled disruptor businesses to take advantage of a payments ecosystem that was more open and accessible than ever before. Significantly, it established a framework that mandated banks to grant third-party providers access to their customers' financial data, with proper consent. This groundbreaking regulation fostered transparency, competition and customer-centricity within the banking sector, propelling Open Banking into the mainstream. Buy Now, Pay Later (BNPL) platforms harnessed this new financial infrastructure, leveraging the rich data shared by banks to deliver flexible and convenient payment options to consumers.
These developments have steadily increased the availability and adoption of innovative payments services, but a lot has changed since 2016. Electronic payments in the EU have shown consistent growth, reaching a value of €240 trillion by 2021, compared with €184.2 trillion in 2017. The COVID-19 pandemic accelerated the adoption of digital purchasing and payments, which was especially noticeable in the traditionally offline world of B2B. To match the rapid advancements of payments and trade, fraudsters have become increasingly sophisticated, putting businesses and individuals at risk while eroding the trust of buyer-seller relationships.
In response, the European Commission began to consult PSPs, regulators, EU authorities and industry experts to find out more about the effectiveness of PSD2 and whether the legislation needs updating to reflect changes in the payments world. Spoiler alert: it does.
What did the consultation find?
The consultation revealed that PSD2 had been successful in opening up the ecosystem, increasing competition and enabling innovation, which has resulted in more choice and value for end users. It also found that:
- APIs (application programming interfaces) provide access to products, services and data sharing, but technical issues and a lack of standardisation mean they aren’t living up to their full potential.
- SCA (strong customer authentication) has successfully reduced fraud, but concerns remain about how increased friction impacts merchants and excludes users who don’t have a mobile device.
- Lack of coherence with other EU legislation, including GDPR, has made it difficult to understand how the rules of data protection align with PSD2.
What has the European Commission proposed?
Based on the findings of their consultation, the European Commission has proposed a payment service package which includes PSD3 and a new Payment Service Regulation (PSR).
Put simply, PSD2 becomes PSR – a directive becomes a regulation. What’s the difference? EU countries are required to adapt directives into national legislation, which means that there is room for different interpretations by each member state. Meanwhile, regulations must be applied ‘as is’. This ensures more harmony across all 27 EU countries. With most of the rules from PSD2 transferring to PSR, the aim is to achieve a more consistent payments market across the whole EU.
Meanwhile, PSD3 will be a newly created directive that sees the licensing and authorisation regimes of PSD2 merged with the E-Money Directive. Under this new framework, Electronic Money Institutions (EMIs) will be incorporated as a subcategory of Payment Institutions (PIs). This is because payment services and e-money services are considered to be similar enough in their nature and risks that they should share legal requirements. This change has been proposed to create a clearer framework for e-money and payment institutions and to establish obligations for managing customer data sharing.
When will PSD3 come into effect?
The proposals for PSD3 and PSR will now go through the usual EU legislative process, which is expected to take around two years to complete. Based on the current proposals, it will take 18-24 months for the regimes to apply or enter into force after the texts are agreed upon. Assuming that the texts are agreed upon in 2025, the new regimes could be binding sometime in 2026.
What does PSD3 mean for B2B?
Any changes to payment directives or regulations will have an impact on B2B businesses, regardless of whether they’re on the seller or buyer side of a payment. The most significant impacts of PSD3 and PSR on B2B are compiled below.
1. Better APIs = better financial services for businesses
APIs have become an industry norm, but to date there has been no standardisation keeping their quality or operability in check. PSR will include requirements for minimum API availability and latency. The result? Buyers and sellers will have more reliable access to a greater number of services and the overall quality of online payment journeys will increase.
2. Further adoption of Open Banking
New regulations will require an Open Banking SCA journey to be just as seamless as those available via online banking. Because Open Banking is significantly cheaper than card payments, merchant demand for it is already high, but to ensure buyer adoption, the user experience needs to be trustworthy, convenient and frictionless. Implemented correctly, this will further spread the use of Open Banking in B2B.
3. Greater financial accessibility
Growing adoption of Open Banking services will enable new fintech firms with innovative payment and lending solutions to enter the market. With their financial information and credit history readily available, SMEs will find it easier to access products and services that they may have previously been shut out of.
4. Direct access to payment systems
Under PSR, fintech firms will be able to directly access payment systems – something that only banks are legally allowed to do at the moment. Currently, payment firms depend on the choices made by banks, but this is set to change, creating more opportunities for competition and innovation, which means more options for buyers and sellers.
5. Enhanced payment fraud mitigation
New regulation will enable payments providers to share fraud-related information between themselves, strengthen customer authentication rules and extend refund rights for fraud victims, ultimately helping to minimise and mitigate risk. The European Commission also proposes making a system for checking the alignment of payees' IBANs with their account names mandatory for all credit transfers.
What does PSD3 mean for Hokodo?
PSD3 will impact our operations here at Hokodo in two major ways.
Greater use of Open Banking
Our collaboration with Pave has allowed us to harness the power of Open Banking in the UK market. Through secure data access, we gain deeper insights into buyers' financial health, enabling us to evaluate creditworthiness with increased accuracy and tailor our offerings accordingly. This granular assessment goes beyond conventional credit scoring, allowing us to extend credit lines to deserving customers who may have been declined by automatic processes.
However, as a pan-European business and B2B BNPL provider able to operate across the EU, our ambitions extend beyond the UK. With the arrival of PSD3 and the introduction of premium APIs, we envision the expansion of our Open Banking solution to Europe. This development is crucial, as the current PSD2 framework does not adequately cover business bank accounts. By leveraging the enhanced capabilities provided by PSD3 and premium APIs, we aim to unlock new growth opportunities and provide seamless access to credit for businesses across Europe.
Enhanced fraud prevention
PSD3 will play a vital role in bolstering payment security measures. One such measure is the IBAN/name check, where the bank verifies a payment to ensure that the account holder's name matches the name associated with the IBAN. This powerful process helps prevent spoofing, which is a deceptive technique used by malicious actors to trick individuals or organisations into believing they are interacting with a legitimate entity. It strengthens the overall security infrastructure within the payment ecosystem and safeguards against unauthorised access, protecting both the payer and payee.
Hokodo’s fraud management processes are already pioneering in the B2B BNPL space, but further security measures will enable us to offer larger credit limits to a greater number of buyers, while ensuring that fraudulent transactions aren’t authorised.